apple-dev-docs

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The setup instructions in SKILL.md and scripts/setup.sh automate the addition of a third-party Homebrew tap (Abdullah4AI/tap) and the installation of binary utilities (appstore, swiftship). Since the source is not a trusted organization or repository, this constitutes a high risk of unverified binary code execution.
  • COMMAND_EXECUTION (HIGH): The skill provides an interface for executing a wide range of sensitive system commands, including Homebrew operations and App Store Connect management tasks that handle sensitive private keys and app metadata.
  • REMOTE_CODE_EXECUTION (MEDIUM): Through the swiftship tool, the skill autonomously generates and executes code. It translates natural language descriptions into Swift files and project configurations, which are then compiled and run locally. This dynamic generation and execution of code is a known vector for code execution vulnerabilities.
  • PROMPT_INJECTION (LOW): The autonomous app building loop is susceptible to indirect prompt injection. Ingestion surface: natural language app descriptions (README.md). Boundary markers: None identified. Capability inventory: File-system writes, xcodebuild execution, and simulator launch. Sanitization: None identified. A malicious description could lead the agent to generate and execute unauthorized code during the build-and-fix phases.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 21, 2026, 06:05 PM